The Open Source Software Adoption Process (OSSAP) is a structured approach to third-party code adoption that lets organizations use open source software effectively in their projects while ensuring compliance with licenses and organizational policies. Our eight-step blueprint of best practices for large and small organizations is based on a survey of current organizational practice and on our own experience over the last four years.
Companies are under increasing pressure to produce quality code. Managing the code base becomes critical, as does the need to identify security vulnerabilities and ensure open source compliance. Managed adoption of open source software leads to faster development, lower costs and better software quality, while containing security vulnerabilities and removing intellectual property uncertainties.
At the volume of third-party code in a modern code base, manual review does not keep up; automated software composition analysis is the practical way to manage these pressures.
Sooner or later, every software organization will go through a software audit. There are many reasons to audit: a pending M&A, product delivery to a customer, a technology transfer between organizations or simply the desire to maintain quality internal records.
You can streamline the audit process by following the six simple guidelines shown in the infographic. Clearly separating commercial, open source and proprietary code; keeping each component's original license file and folder structure intact; and ensuring that every source file carries identifying header information (copyright holder and license) are simple steps that can greatly reduce your overall audit effort.
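The header and license-file checks above are easy to automate before an auditor arrives. The following script is an added example, not part of the original page or of Protecode's tooling: it walks a source tree, flags files whose first lines lack an SPDX-License-Identifier tag or a copyright line, flags files that are not covered by a LICENSE-style file in their own directory or an ancestor, and tallies declared licenses. The source suffixes, the 20-line header window and the license file names are assumptions chosen for the example, and the sample tree it audits is constructed inline.

```python
import os
import re
import tempfile
from collections import Counter
from pathlib import Path

# Assumptions for this example: which suffixes count as source code, how many
# leading lines may hold identifying information, and which file names mark
# a component's license. Adjust these for your own repository conventions.
SOURCE_SUFFIXES = {".c", ".h", ".cpp", ".py", ".js", ".java", ".go", ".rs"}
HEADER_LINES = 20
LICENSE_FILENAMES = {"LICENSE", "LICENSE.txt", "LICENSE.md", "COPYING"}
SPDX_RE = re.compile(
    r"SPDX-License-Identifier:\s*([A-Za-z0-9.+\-()]+"
    r"(?:\s+(?:OR|AND|WITH)\s+[A-Za-z0-9.+\-()]+)*)"
)
COPYRIGHT_RE = re.compile(r"(?i)copyright\s*(?:\(c\)|©)?\s*\d{4}")


def inspect_header(path: Path) -> dict:
    """Check the first HEADER_LINES lines for an SPDX tag and a copyright line."""
    text = path.read_text(encoding="utf-8", errors="replace")
    head = "\n".join(text.splitlines()[:HEADER_LINES])
    m = SPDX_RE.search(head)
    return {
        "spdx": m.group(1).strip() if m else None,
        "has_copyright": COPYRIGHT_RE.search(head) is not None,
    }


def audit_tree(root) -> dict:
    """Report header gaps, uncovered files and a license tally for a tree."""
    root = Path(root)
    licensed_dirs = set()   # directories (relative to root) holding a license file
    source_files = []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root)
        if LICENSE_FILENAMES & set(filenames):
            licensed_dirs.add(rel_dir)
        for name in filenames:
            if Path(name).suffix in SOURCE_SUFFIXES:
                source_files.append(rel_dir / name)

    report = {"missing_header": [], "no_license_file": [], "license_counts": Counter()}
    for rel in sorted(source_files):
        info = inspect_header(root / rel)
        if info["spdx"] is None or not info["has_copyright"]:
            report["missing_header"].append(rel.as_posix())
        # A file is covered if its own directory or any ancestor up to root
        # carries a license file; Path('.') stands for root itself.
        covered = any(d in licensed_dirs for d in (rel.parent, *rel.parent.parents))
        if not covered:
            report["no_license_file"].append(rel.as_posix())
        report["license_counts"][info["spdx"] or "UNKNOWN"] += 1
    report["license_counts"] = dict(report["license_counts"])
    return report


# Constructed sample tree: one proprietary component, one well-labelled
# third-party library, one library with no header and no license file, and
# one with an SPDX tag but no copyright line.
DEMO_FILES = {
    "src/LICENSE": "Proprietary. All rights reserved.\n",
    "src/main.c": "/* Copyright (c) 2015 Example Corp.\n"
                  " * SPDX-License-Identifier: LicenseRef-Proprietary\n */\n"
                  "int main(void) { return 0; }\n",
    "third_party/libfoo/LICENSE": "MIT License\n",
    "third_party/libfoo/foo.c": "// Copyright 2012 Foo Authors\n"
                                "// SPDX-License-Identifier: MIT\n"
                                "int foo(void) { return 1; }\n",
    "third_party/libbar/bar.c": "int bar(void) { return 2; }\n",
    "third_party/libbaz/LICENSE": "Apache License 2.0\n",
    "third_party/libbaz/baz.py": "# SPDX-License-Identifier: Apache-2.0\n"
                                 "def baz():\n    return 3\n",
}


def build_demo_tree() -> str:
    """Write the constructed sample tree into a temporary directory."""
    root = tempfile.mkdtemp(prefix="ossaudit-")
    for rel, text in DEMO_FILES.items():
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(text, encoding="utf-8")
    return root


def run_demo() -> dict:
    """Audit the constructed tree and return the report."""
    return audit_tree(build_demo_tree())


if __name__ == "__main__":
    import json
    print(json.dumps(run_demo(), indent=2))
```

On the sample tree the report lists bar.c and baz.py under missing_header, bar.c alone under no_license_file, and one file each for LicenseRef-Proprietary, MIT, Apache-2.0 and UNKNOWN. The caveat a practitioner should keep in mind: this checks only what files declare about themselves. Code pasted in without its header is exactly what a declared-header check cannot see, which is why audits also fingerprint file contents against known open source.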
Most financial transactions involving software, such as M&A activities, technology investments, technology transfers and product deliveries, include a technical due diligence process. With open source software in widespread use across almost every technology segment and organization, sensitivity to code ownership and the need for compliance with open source licenses have increased. Protecode has offered audit services to this market for many years. The associated infographic is a simplified view of four key findings from auditing over a million software files across more than a hundred transactions. The individual software portfolios involved ranged from 2,500 to 200,000 files.
Protecode has compared the attributes of open source projects hosted on organized, tightly governed forges such as Apache and CodePlex with those on free-for-all forges having little or no project governance, such as SourceForge or GitHub. Governance here refers to whether anyone can post a project to the site or whether a sponsoring organization controls what is admitted. For this infographic four forges were compared: two unregulated forges and two backed by a governing organization.
When deciding to release their work as open source, developers should realize that they do not give up the rights to their work by doing so. Licensing code as open source leaves the copyright with its creator. In very broad terms, open source licenses require that copies and derivative works preserve the original copyright and license notices, so later iterations of a project continue to credit the creator for the foundation they built. We have identified four general categories of licenses.
Measuring the return on investment (ROI) of open source license management tools can be difficult. As open source adoption becomes mainstream, open source compliance management is maturing. Organizations are moving away from manual code audits, which are both cost- and labour-intensive, toward real-time, automated open source scanning tools. Moving to an automated open source management process can save your organization time and lower development costs.